The number of breached user accounts climbed 156% to hit 110.8 million in the second quarter of 2023, with the US and Russia among the top locations where these users reside.
Some 49.8 million of breached accounts were from the US, accounting for 45% of the global figure. Russia ranked second at 15.3 million, followed by Spain at 3.7 million, according to the latest numbers from VPN provider Surfshark. Worldwide, data breaches grew 2.6 times compared to the first quarter, with an average of 855 accounts leaked every minute in the second quarter.
A data breach is deemed to have occurred when user data such as email addresses and passwords have been leaked or copied. One breached email address is counted as a single breached user or account, said Surfshark. Its research is based on data from 29,000 publicly available databases and aggregated by email addresses, with locations determined via various parameters including IP addresses, coordinates, currency, and phone numbers. Markets with less than 1 million in population are not included in Surfshark's analysis.
For the second quarter, North America was the most affected region in terms of the number of data breaches, with Europe second and Asia third. North America also clocked the highest quarterly climb, from 5.6 million in the first quarter to 51.3 million in the second quarter.
France, Turkey, Australia, India, Italy, the UK, and Brazil rounded up the top 10 most breached markets for the latest quarter. Almost 19% of breached accounts were from unknown locations.
Taiwan, though, saw a significant drop in compromised accounts for the quarter at 17,900, compared to 4 million breached user accounts in the previous quarter, when it ranked third as the most breached market.
Pointing to the high quarterly increase, Surfshark's lead researcher Agneska Sablovskaja said the growing number of data breaches indicated that current data protection measures were insufficient. "Sensitive information remains at risk as cybercriminals continue to access it in ever higher numbers," Sablovskaja said.
More than 16.48 billion accounts have been breached since 2004, of which 5.8 billion have unique email addresses, according to the VPN provider's tracker. The figures indicate a single email address is breached on average three times, with 75 unique email addresses breached per 100 people. Surfshark noted that most people would use the same email to register for different online accounts.
Government sector growing target in cybersecurity attacks
Government agencies also are experiencing more cybersecurity attacks, revealed a separate report from BlackBerry released Thursday, which noted a 40% spike in attacks targeting the public sector between March and May this year. The Canada-based company is responsible for securing more than 500 million endpoints worldwide, including more than 235 million vehicles.
BlackBerry's vice president of threat research and intelligence, Ismael Valenzuela, said: "With limited resources and immature cyber defense programs, [governments and public services organizations] are struggling to defend against the double-pronged threat of both nation states and cybercriminals."
He noted that public services operators such as electricity, public transit, and schools, were targets of cybercriminals and other threat actors, which aimed to create maximum havoc and often faced very little resistance.
Valenzuela stressed the need for the public sector to boost their security strategies and safeguard vital services and institutions on which societies depend.
BlackBerry's latest Global Threat Intelligence Report also revealed an average of 1.7 new malware samples deployed per minute, up 13% from the previous reporting period. It indicates attackers were working to diversify their tooling to circumvent defense measures, the report noted.
It also pointed to the healthcare and financial services sectors as the most targeted, with the latter facing a rise in mobile malware targeting digital banking services.